Vulnerability Description
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx | >= 0.7.52, < 0.7.66 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.htmlExploitRelease NotesThird Party Advisory
- http://www.exploit-db.com/exploits/13818ExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/13822ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/40760ExploitThird Party AdvisoryVDB Entry
- http://spa-s3c.blogspot.com/2010/06/full-responsible-disclosurenginx-engine.htmlExploitRelease NotesThird Party Advisory
- http://www.exploit-db.com/exploits/13818ExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/13822ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/40760ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2010-2263?
CVE-2010-2263 is a vulnerability with a CVSS score of 5.0 (MEDIUM). nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::...
How severe is CVE-2010-2263?
CVE-2010-2263 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2263?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx, Microsoft Windows.